# VMID 2500 (Core RPC) Configuration Summary

**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation
**Configuration status:** Configured for local/permissioned nodes only.

---

## Configuration Overview

VMID 2500 is the **Core RPC node** and is configured to **ONLY** connect to local/permissioned nodes on the internal network.

---

## ✅ Configuration Settings

### 1. Configuration File

- **File**: `/etc/besu/config-rpc-core.toml`
- **Template**: `smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml`

### 2. Key Security Settings

#### Node Permissioning: ✅ ENABLED

```toml
permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/permissions/permissions-nodes.toml"
```

- **Only nodes in the allowlist can connect**
- Allowlist contains **12 local nodes** (all on 192.168.11.0/24)

#### Discovery: ❌ DISABLED

```toml
discovery-enabled=false
```

- **No external node discovery**
- Only uses static nodes and permissioned allowlist
- Prevents discovery of unauthorized nodes

#### Static Nodes: ✅ Enabled

```toml
static-nodes-file="/genesis/static-nodes.json"
```

- Contains only validator nodes (1000-1004)
- Used for initial peer connections

---

## 📋 Permissions Allowlist (12 Local Nodes)

All nodes in `permissions-nodes.toml` are on the local network (192.168.11.0/24):

### Validators (5 nodes)

- 192.168.11.100 - Validator 1
- 192.168.11.101 - Validator 2
- 192.168.11.102 - Validator 3
- 192.168.11.103 - Validator 4
- 192.168.11.104 - Validator 5

### Sentries (4 nodes)

- 192.168.11.150 - Sentry 1
- 192.168.11.151 - Sentry 2
- 192.168.11.152 - Sentry 3
- 192.168.11.153 - Sentry 4

### RPC Nodes (3 nodes)

- 192.168.11.250 - Core RPC (this node)
- 192.168.11.251 - Permissioned RPC
- 192.168.11.252 - Public RPC

**Total**: 12 nodes (all local/permissioned)

---

## 🔧 RPC APIs Enabled

As a Core RPC node, VMID 2500 has **full API access** for internal/core infrastructure:

```toml
rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
rpc-ws-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
```

**APIs**:

- `ETH` - Ethereum protocol methods
- `NET` - Network information
- `WEB3` - Web3 client version
- `ADMIN` - Administrative methods
- `DEBUG` - Debug/trace methods
- `TXPOOL` - Transaction pool methods

---

## 🔒 Security Features

1. **No External Discovery**: `discovery-enabled=false` prevents discovery of external nodes
2. **Strict Allowlisting**: Only 12 explicitly listed nodes can connect
3. **Local Network Only**: All allowed nodes are on 192.168.11.0/24
4. **Defense in Depth**: Multiple layers of security (permissioning + disabled discovery)

---

## 📝 Files Modified/Created

1. ✅ **Created**: `smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml`
   - Template for Core RPC node configuration
   - Discovery disabled
   - Full APIs enabled
2. ✅ **Updated**: `scripts/fix-rpc-2500.sh`
   - Uses `config-rpc-core.toml` for VMID 2500
   - Ensures discovery is disabled
   - Verifies permissioning settings
3. ✅ **Documentation**:
   - `docs/05-network/RPC_2500_LOCAL_NODES_ONLY.md` - Detailed configuration guide
   - `docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md` - This summary

---

## ✅ Verification Checklist

To verify VMID 2500 is configured correctly:

```bash
# 1. Check discovery is disabled
pct exec 2500 -- grep "discovery-enabled" /etc/besu/config-rpc-core.toml
# Expected: discovery-enabled=false

# 2. Check permissioning is enabled
pct exec 2500 -- grep "permissions-nodes-config-file-enabled" /etc/besu/config-rpc-core.toml
# Expected: permissions-nodes-config-file-enabled=true

# 3. Verify permissions file contains only local nodes
#    (dots escaped so "." matches only a literal dot)
pct exec 2500 -- cat /permissions/permissions-nodes.toml | grep -oE '192\.168\.11\.[0-9]+' | sort -u | wc -l
# Expected: 12 (5 validators + 4 sentries + 3 RPC)

# 4. Check connected peers (should only be local network)
curl -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":1}' | jq '.result[].remoteAddress'
# Expected: Only 192.168.11.x addresses
```

---

## 📚 Related Documentation

- [RPC 2500 Local Nodes Only](./RPC_2500_LOCAL_NODES_ONLY.md)
- [RPC Node Types Architecture](./RPC_NODE_TYPES_ARCHITECTURE.md)
- [RPC 2500 Troubleshooting](/docs/09-troubleshooting/RPC_2500_TROUBLESHOOTING.md)
- [Besu Allowlist Runbook](../06-besu/BESU_ALLOWLIST_RUNBOOK.md)

---

**Configuration Status**: ✅ Complete - VMID 2500 only connects to local/permissioned nodes
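
Check 3 of the verification checklist counts the distinct 192.168.11.x addresses, so an allowlist that has gained a 13th, non-local entry still reports 12. The following added example (not one of the project's scripts) lists every enode host and fails on any outside 192.168.11.0/24. The function names, the shortened key and the sample file are constructed, and it assumes the file uses Besu's `nodes-allowlist` array of enode URLs.

```bash
#!/usr/bin/env bash
# Added example, not part of the project's scripts. Function names and the
# sample data are constructed; KEY is a shortened stand-in for a node public key.
KEY=0123abcd
LOCAL_RE='^192\.168\.11\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$'

# Print each distinct host that appears in an enode URL, one per line.
enode_hosts() {
  grep -oE 'enode://[0-9a-fA-F]+@[^:"?/]+' "$1" | sed 's/.*@//' | sort -u
}

# Print hosts outside 192.168.11.0/24 (hostnames count as non-local).
non_local_hosts() {
  enode_hosts "$1" | grep -vE "$LOCAL_RE" || true
}

# Return 0 only when the file lists exactly $2 hosts (default 12), all local.
audit_allowlist() {
  total=$(enode_hosts "$1" | wc -l | tr -d ' ')
  bad=$(non_local_hosts "$1")
  if [ -n "$bad" ]; then
    echo "$bad" | sed 's/^/FAIL: non-local allowlist entry: /' >&2
    return 1
  fi
  if [ "$total" -ne "${2:-12}" ]; then
    echo "FAIL: expected ${2:-12} hosts, found $total" >&2
    return 2
  fi
  echo "OK: $total hosts, all in 192.168.11.0/24"
}

# Write a constructed allowlist holding the page's 12 addresses to $1;
# any further arguments are appended as extra hosts.
make_sample() {
  out=$1; shift
  {
    echo 'nodes-allowlist=['
    for o in 100 101 102 103 104 150 151 152 153 250 251 252; do
      printf '  "enode://%s@192.168.11.%s:30303",\n' "$KEY" "$o"
    done
    for h in "$@"; do printf '  "enode://%s@%s:30303",\n' "$KEY" "$h"; done
    echo ']'
  } > "$out"
}

# Demo: 203.0.113.7 (documentation range) is added as a 13th entry.
f=$(mktemp)
make_sample "$f" 203.0.113.7
echo "count-only check: $(grep -oE '192\.168\.11\.[0-9]+' "$f" | sort -u | wc -l | tr -d ' ')"
audit_allowlist "$f" || echo "audit exit code: $?"
rm -f "$f"
```

To audit the real file, copy `/permissions/permissions-nodes.toml` out of the container and pass its path to `audit_allowlist`.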